A place for non-work-related flimflam, faffing, hodge-podge or jibber-jabber you’d prefer to keep out of more focused work-related channels. Archive: https://archive.sweetops.com/random/
Met up with @antonbabenko in San Francisco!
Hey @justin.dynamicd @rms1000watt - apropos of Newport Beach, I had a friend talking about opening up an office in Orange County somewhere and staffing with SREs, and he was asking me what I think the pool of good people is like. How would you answer? I’m in LA, and hiring good Ops people has been a pain for me forever. But I don’t know, maybe there’s tons of brilliant SREs behind the Orange Curtain?
Selfishly, you should open an OC office because OC is awesome.
@justin.dynamicd will probably have a different perspective also
Ok, so just like LA
let’s create a DevOps Code School
There are some good people in OC for sure
Definitely tough to find though just because most of them are working on other interesting things.
I’d be happy to help/discuss at some point if you’re interested.
DevOps is just a rare breed. Definition is kind of soft for one thing, which makes it hard in hiring and job hunting.
DevOps is a buzzword that usually lands you interviews on making Dockerfiles out of bash scripts, and vague questions about kubernetes that make it clear they know little more than what Kelsey Hightower tweets.
It’s hard to find an employer/employee pairing where both parties are at similar maturity levels
My talk tonight is being live streamed
starts ~6:30pm PST
Topic is on how to use Helmfiles to effortlessly deploy apps on kubernetes
@justin.dynamicd yay!!!! Thanks for joining man! Lurk all you want–but I’m going to point you out and highlight how awesome you are! https://www.linkedin.com/in/justin-king-26a4081b/ I worked with Justin at Lantern Credit in Newport Beach. Such a fun & dedicated guy to work with (He gets sh*t done–he’ll deliver and get the job done at any crazy hour). Also if there are any comic book people here–Justin is your man.
hey @rms1000watt and @justin.dynamicd welcome
I need to update that LinkedIn, and thanks for the invite
time to do some channel surfing …
(ends up adding all the channels)
Only one hashi-themed channel? time to go knocking on doors like a digital moron and praise the books of Consul/Vault
Hey Justin! great to have you here
I’m getting a late start today. Will catch up on all the chatter in a couple hours! have a student from Caltech showing up soon that I’m helping with some cool GPU/kubernetes autoscaling stuff with kops.
@tamsky lol, how are you man!
you guys know each other?
Yeah, worked at Veritone together
hah, small world. how cool! @tamsky has been a great sounding board for me.
He’s probably one of the sharpest guys you’ll run into.
I believe it
I definitely appreciate the community that Erik is building.
Same here! Looking forward to contributing
@rms1000watt found us through our modules and reached out to me. Hopefully we’ll work together soon.
hah! I used Veritone at my last company (briefly), Logan was my rep, who looks like he got a major promotion since then
really cool stuff
Oh shit, a wild @tamsky appeared!
Veritone family ^^
OHHH SHIT! A WILD @tamsky APPEARED!
What was the context regarding bitly/oauth2_proxy ?
@maarten i think it’s about bitly/oauth2_proxy not being maintained anymore as described here https://cloudposse.com/meetup/sweetops-town-hall-meeting/
Today we had our first “Town Hall” meeting where members of our SweetOps community (slack.cloudposse.com) got together on a Zoom conference call to talk shop. Remember to vote when we should have our next call. Discussion Points GitOps - CI/CD Automation of Terraform Git ChatOps OAuth
I will add some context later today
@Andriy Knysh (Cloud Posse) is correct - it came up in our “Town Hall”
We’ve been using it with our “portal” for kubernetes, but have run into a lot of problems
Most of those problems are fixed in PRs that are languishing in their repo, unapproved without any comments from bitly
@tamsky suggested maybe someone ought to start a hard fork that is maintained.
turns out, others are feeling the same way - which is what the issue is about.
- openid connect is broken (can’t use okta)
- this is the other problem I have: https://github.com/bitly/oauth2_proxy/issues/558#issuecomment-398430903
kubernetes nginx controller supports external auth via: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/annotations.md#external-authentication However, I'm not sure how …
AWS ALB supports Oauth now, I’ve been trying to find time to tinker with that instead of oauth2 proxy
Today I’m excited to announce built-in authentication support in Application Load Balancers (ALB). ALB can now securely authenticate users as they access applications, letting developers eliminate the code they have to write to support authentication and offload the responsibility of authentication from the backend. The team built a great live example where you can try […]
I suggested the same thing for Atlantis as they were also discussing the same Oauth proxy. Thanks for giving context
It’s been a year or more since we looked into using the CoreOS ALB ingress controller for kubernetes. Looks like it’s changed owners now.
aws-alb-ingress-controller - AWS ALB Ingress Controller for Kubernetes
When we used it, it was a bit of a PIA because security groups, subnets, vpcs had to be manually specified
How is the portal written, is it an API ? Probably a lot of work, but is it splittable into accessible html & authenticated api gateway ?
Portal is just a very, very simple static bootstrap site generated using Helm templating. We use it to expose services in the kubernetes cluster like dashboard, grafana, prometheus, etc.
ok, nothing for api gw
If we were running the ALBs with k8s, it would probably be very easy
yea, though the portal only makes sense for us in kubernetes land
and it is actually entirely contained in a helm chart as a go formatted template
so moving it anywhere else for us would be a complete rewrite
anyways, might be something we reimplement later as a bona fide app
I was thinking about client ssl certificates. If cloudfront would do 2 way ssl authentication + openid etc.. Would be nice.
yea, could imagine for some highly sensitive workloads that would be nice.
i know cloudflare can do that
It would be neat if we could abstract away the OIDC stuff on every cloud. Google has theirs: https://cloud.google.com/iap/
Google Cloud’s Identity-Aware Proxy allows administrators to decide who has access to applications running on the Google Cloud. Use IAP to guard access.
We launched the t1.micro instance type in 2010, and followed up with the first of the T2 instances (micro, small, and medium) in 2014, more sizes in 2015 (nano) and 2016 (xlarge and 2xlarge), and unlimited bursting last year. Today we are launching T3 instances in twelve regions. These general-purpose instances are even more cost-effective […]
I just bought reserved t2.micro 5 days ago, which is ~20$ more expensive than t3.micro.
perfect example of why you too should loathe the concept of RIs.
Amazon’s RI offering forces its customers to:
- become skilled at managing RIs (a skill that is totally unrelated to almost every business)
- gamble against future progress
Yes, but also, AWS is pretty good about letting you switch your RIs around. Still extra work, but mitigates impact a bit
Yeah, they can help, but the most challenging thing is to actually get money out after RI is sold. I live in Europe, but it works only for USA.
No good deed goes unpunished
You (or, someone you know) has claimed to suffer from imposter syndrome at some point in time. But what is it, really? > Impostor syndrome is a psychological pattern in which an indi
TL;DR: You’re awesome. Stop beating yourself up. Stop and smell the roses of your accomplishments thus far. Know when to use blinders.
@tamsky @Daren https://github.com/bitly/oauth2_proxy/issues/628
Hi, As everyone here can see, the project is almost abandoned. I believe someone or preferably a group of people fluent in Go lang should create an 'official' fork of the project so the com…
@Erik Osterman (Cloud Posse) I may see you on the 30th in San Francisco! I will be in that area next week.
ohh, no, I will leave a few hours before the meetup to fly back to Oslo. Let’s grab a coffee if you are there (my flight from San Francisco airport is at 4:30pm).
On a side note, what are related meetup groups in that area? I will have several days to explore the area and want to attend some local meetups.
How cool! I arrive 8/29
Let’s meet up the day before if you are free
For those in San Francisco, heads up! I’ll be presenting at “Production Ready Containers” meetup on Helmfiles.
Thu, Aug 30, 2018, 6:00 PM: Schedule00-6 Networking640: Intro by Gladly600: Talks (see full descriptions below)8:00- 8 Final questions & wrap up*Food and drinks will be provided
nice! I’ll send some bay area friends that way
thanks @Max Moon!
shellcheck helps a lot
oh that’s nice!
We should add this linting to our
oh new to you? i kind of love it. it’s available by default in travis-ci
i think i’ve seen it before, but never used it
there’s another project that’s kind of an even stricter version, which i’m having trouble finding now for some reason, black something i think….
what Add shellcheck binary for linting bash why Code convention / consistency references https://github.com/koalaman/shellcheck#installing-the-shellcheck-binary
thanks, this looks great too!
integrate it with https://marketplace.visualstudio.com/items?itemName=mynkow.FormatdocumentonSave for VS Code, and everyone writes formatted code by default now
Extension for Visual Studio - Enables auto formatting of the code when you save a file. Visual Studio supports auto formatting of the code with the CTRL+E,D or CTRL+E,F key shortcuts but with this extension the command ‘Format Document’ is executed on Save. You can find the source here: https://github.com…
I want to add it to our build-harness so we validate that the code is well-formatted
what Add shfmt why A shell parser, formatter and interpreter. Supports POSIX Shell, Bash and mksh. Standardize the formatting of our shell scripts the way we do our terraform code references https:…
our current lame linting: https://github.com/cloudposse/build-harness/blob/master/modules/bash/Makefile#L2
build-harness - Collection of Makefiles to facilitate building Golang projects, Dockerfiles, Helm charts, and more
Microsoft outperformed Amazon in the cloud last quarter by $800 million, as Satya Nadella’s company posted $6.9 billion in commercial-cloud revenue (up 53%) while Andy Jassy’s Amazon Web Services unit came in at $6.1 billion (up 49%)–a great quarter, to be sure, but not good enough to keep pace.
I guess “it depends on what the definition of is is”
Joy. Docker decided to copy the “Java” distribution model.
Login to download. annoying
10 million websites, apps and APIs use Cloudflare to give their users a speed boost. At peak we serve more than 10 million requests a second across our 151 data centers. Over the years we’ve made many modifications to our version of NGINX to handle our growth. This blog post is about one of them.
CloudFlare uses nginx behind the scenes